7844826

Method and Apparatus for Communicating Authorization Data

Published: November 30, 2010
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: accessing, by a managerial entity via a client computing device, a user configuration interface generated by a web-based service; communicating, by the client computing device, a managerial identity to an authentication server for verification; receiving a relationship ticket from the authentication server after the managerial identity has been successfully verified, wherein the relationship ticket received from the authentication server is encrypted so that the relationship ticket cannot be decrypted by the client computing device, wherein the relationship ticket includes the managerial identity and identifies an associate entity that is to have limited access to the web-based service; generating, by the managerial entity via the client computing device, a request to establish a selected permission level for the associate entity which will limit access by the associate entity to the web-based service; sending, by the client computing device, the request and the relationship ticket to the web-based service to: decrypt the relationship ticket; authenticate the managerial identity, wherein the web-based service authenticates the managerial identity with the authentication server using contents of the relationship ticket; and establish the selected permission level for the associate entity; and receiving, by the client computing device, a success code from the web-based service if the selected permission level is established for the associate entity, wherein the method does not require the use of secure communications protocols including SSL (Security Socket Layer), wherein the client computing device, the web-based service and the authentication server communicate using an unsecure or untrusted communication link.

2. A method as recited in claim 1 further including receiving a failure notification from the web-based service if the selected permission level is not established.

3. A method as recited in claim 1 wherein sending the request to the web-based service includes using an untrusted connection with the web-based service.

4. A method as recited in claim 1 wherein the request to the web-based service is sent using an unsecure connection with the web-based service.

5. A method as recited in claim 1 wherein the relationship ticket is encrypted by the authentication server.

6. A method as recited in claim 1 wherein the selected permission level is established if the relationship ticket is authenticated.

7. A method as recited in claim 1 wherein the authentication server is a .NET Passport server.

8. A method as recited in claim 1 wherein selecting a permission level associated with an associate entity usage of a web-based service is performed by a managerial entity of the associate entity.

9. A computer program stored in one or more computer storage devices to execute the method recited in claim 1.

10. A method comprising: communicating, by a parental entity via a client computing device, a parental identity to an authentication server for verification; receiving a relationship ticket from the authentication server after the parental identity has been successfully verified, wherein the relationship ticket received from the authentication server is encrypted so that the relationship ticket cannot be decrypted by the client computing device which receives the relationship ticket, wherein the relationship ticket includes the parental identity and identifies a child that is to have limited access to a web server; generating, by the parental entity via the client computing device, a request to establish a selected permission level for the child which will limit the access of the child to the web server; sending, by the parental entity via the client computing device, the request and the relationship ticket to the web server to: decrypt the relationship ticket; authenticate the parental identity, wherein the web server authenticates the parental identity with the authentication server using contents of the relationship ticket; and establish the selected permission level for the child; and receiving, by the parental entity via the client computing device, a success code from the web server if the selected permission level is established for the child, wherein the method does not require the use of secure communications protocols including SSL (Security Socket Layer), wherein the client computing device, the web server and the authentication server communicate using an unsecure and untrusted communication link.

11. A method as recited in claim 10 wherein the relationship ticket is encrypted by the authentication server.

12. A method as recited in claim 10 wherein the relationship ticket is encrypted by the authentication server, and wherein the relationship ticket is decrypted by the web server.

13. A method as recited in claim 10 wherein the selected permission level is established if the relationship ticket is authenticated.

14. A method as recited in claim 10 wherein the authentication server is a .NET Passport server.

15. A method as recited in claim 10 wherein selecting a permission level associated with a usage of a web-based service by the child is performed by the parental entity.

16. A computer program stored in one or more computer storage devices to execute the method recited in claim 10.

17. One or more computer storage devices having computer-executable instructions stored thereon that, when executed, direct a client computing device to perform a method, the method comprising: selecting, by an employer via the client computing device, a web-based system access permission level associated with an employee; obtaining, by the employer via the client computing device, a relationship ticket from an authentication server, wherein the relationship ticket obtained from the authentication server is encrypted and includes information regarding an employer identity and information regarding an identity of the employee, wherein the relationship ticket received from the authentication server is encrypted so that the relationship ticket cannot be decrypted by the client computing device, wherein the web-based system access by the employee is to be limited; generating, by the employer via the client computing device, a request to establish a selected permission level for the employee which will limit access to the web-based system by the employee; sending the request and the relationship ticket to the web-based system for decryption of the relationship ticket, authentication of the employer identity with the authentication server facilitated by the relationship ticket, and establishment of the selected permission level for the employee; and receiving a success code from the web-based system if the requested permission level is established for the employee, wherein the method does not require the use of secure communications protocols including SSL (Security Socket Layer) and the client computing device, the web-based system and the authentication server communicate using an unsecure and untrusted communication link.

Patent Metadata

Filing Date: Unknown

Publication Date: November 30, 2010

Inventors: Baskaran Dharmarajan, Cem Paya, Ashvin J. Mathew
